Related Blog Posts

Contents

The information in this web doc guides you through adding the IBM® Content Navigator server’s certificate to the desktop browser for Internet Explorer, Firefox, and Chrome. This document is an associated web doc for the web doc How to Successfully Integrate IBM Content Navigator with Box Repository, TIPS1350, found at:

Use the web server administrative console to check that the server that is hosting IBM Content Navigator has a valid SSL Server Certificate, which is self-signed or signed by a recognized authority. Ensure that the desktop browser (Internet Explorer, Chrome, or Firefox) can establish a trusted HTTPS connection to the web server without any certificate errors or security risk warnings. It is important that you are not presented with a certificate error.

Figure 8. Restarting the browser, connecting to IBM Content Navigator, and checking that there are no certificate warnings

If the certificate is created for a named host, ensure that you use the same host name format for the host name in your IBM Content Navigator URL. If the certificate uses the host short name, your IBM Content Navigator URL must use the host short name. If the certificate uses the FQDN, your IBM Content Navigator URL must use the FQDN.

Configuring the Firefox browser

When using Firefox with an untrusted certificate, you see the window that is shown in Figure 9.

Figure 9. Example of an untrusted connection with Firefox

To configure the Firefox browser, complete the following steps:

Click Add Exception, and then in the window that opens, which is shown in Figure 10, click Get Certificate. Click View.

Figure 10. Firefox Security Exception window

In the Certificate Viewer, which is shown in Figure 11, click the Details tab and select the root certificate.

Figure 11. Firefox Certificate Viewer

Click Export at the lower left of the Certificate Viewer window (Figure 11).

Save the file with a .crt or .pem extension, then close the Certificate Viewer and Security exception windows. Open the Firefox Options menu, as shown in Figure 12.

Select the Authorities tab and click Import to import the root certificate that was exported in step 3. Trust the CA certificate to identify websites.

Close and restart the browser, and reconnect to the IBM Content Navigator URL.

The connection should now be secure and trusted. Click the padlock icon to check the status.

Configuring the Chrome browser

To configure the Chrome browser, complete the following steps:

Click Customize and Control Google Chrome at the far right of the Chrome address bar and select Settings, as shown in Figure 14.

Figure 14. Selecting Settings

Type certificates into the search box in the Settings window, as shown in Figure 15.

Figure 15. Managing certificates in Chrome

Click Manage certificates.

Chrome on a Windows PC uses the same local certificate store as Internet Explorer, so if you already imported your Trusted CA certificate for Windows Internet Explorer, it already is available to Chrome. If it is not available, you see what is shown in Figure 16 when you connect to IBM Content Navigator with Chrome.

Figure 16. Untrusted connection in Chrome

Either use the earlier instructions for Internet Explorer to add the certificate, or use the following method:

Click the red triangle on the address bar, and then click Details. Figure 17 shows the information window that opens.

Figure 17. Chrome connection information window

After clicking Details, click View certificate in Security Overview. In the Certificate window, select the Certification Path tab, as shown in Figure 18.

Figure 18. Chrome Certificate Viewer

Select the top-level root certificate and click View Certificate. Select the Details tab and then Copy to file. The Certificate Export Wizard window opens, as shown in Figure 19.

Figure 19. Chrome Certificate Export Wizard

Save the certificate file by clicking Next. Save the file with a .cer extension, as shown in Figure 20.

Figure 20. Saving the certificate from the Export Wizard

Click Next and then Finish. Close Chrome and start the Windows local certificate manager on the desktop by running certmgr.msc. Figure 21 shows an example of the certificate manager console window.

To complete the import, accept the security message by clicking Yes if prompted with a window that is similar to Figure 25.

Figure 25: Complete the installation of the root certificate

Some versions of Chrome might report an obsolete encryption method. Despite this warning, the connection is still secure and you can continue with Box integration. For more information about how Google Chrome evaluates secure connections in the Chrome browser, see the following website:

Special Notices

This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a client responsibility and depends upon the client's ability to evaluate and integrate them into the client's operational environment.